Communication system

ABSTRACT

The invention relates to a communication system comprising a terminal ( 10 ), a first device ( 1 ) adapted to exchange data with said terminal ( 10 ), a second device ( 2 ) adapted to exchange data with said terminal ( 10 ), characterized in that it comprises means for pairing said first ( 1 ) and second ( 2 ) devices so as said second device ( 2 ) exchanges data with said terminal ( 10 ) through said first device ( 1 ).

FIELD OF THE INVENTION

The present invention relates generally products using secure elementssuch as smart cards or SD cards, etc. . . . and more specifically to acommunication system.

BACKGROUND OF THE INVENTION

It is a good practice to constantly challenge a product or service interms of costs, functionalities, etc. . . . . According to marketconstraints and user's requirements, some functionality may be reducedfor the benefits of others. Functionality having the last marketpressure or hidden from the user may disappear, integrated or limited toessential features.

Another trends highly demonstrated during the past years push theindustry to offer more and more user friendly devices exposing intuitiveusage. Some devices tend to concentrate more and more vector of services(telecommunication, payment, access control, . . . ) in a single device.

Any products having a one secure device as a smart card to one device'sreader connection may at long term merge into a single element. There isthen a need for keeping the essential credentials in a secure portabledevice such as a smart cart, and federate multiple secure elements in adevice without physical constraints related to the legacy deviceaccepting standard smart cards.

It is then an object of the invention to provide a communication systemand a method in which a secure element such as a UICC is located outsidethe terminal as a secure physical component on which credentials may bemanaged.

Thereto, the present invention provides a communication systemcomprising a terminal, a first device adapted to exchange data with saidterminal, a second device adapted to exchange data with said terminal,characterized in that it comprises means for pairing said first andsecond devices so as said second device exchanges data with saidterminal through said first device.

According to another aspect of the invention, the first device may beadapted to be located in said terminal.

According to other aspects of the invention, the second device may be aremote device.

According to another aspect of the invention, the second device may beadapted to embed a secure element.

According to another aspect of the invention, the means for pairing saidfirst device and second device may be near field communication (NFC)based technology.

According to another aspect of the invention, the means for pairing saidfirst device and second device may be intra body communication (IBC)based technology.

According to another aspect of the invention, the means for pairing saidfirst device and second device may be near field communication (NFC)based technology and intra body communication (IBC) based technology.

According to another aspect of the invention, the first device maycomprise a secure element adapted to authenticate said first device as ahonest point of communication.

The invention also provides a method for exchanging data between aterminal, a first device, a second device, said terminal comprising saidfirst device, said second device being a remote device characterized inthat it comprises establishing a communication tunnel by pairing betweensaid first device and a second device, exchanging data between thesecond device and the terminal through said first device.

According to another aspect of the invention, the method may compriseusing UWB as wireless communication channel for exchanging applicationdata after the pairing of said devices.

According to another aspect of the invention, the pairing between thefirst device and the second device may be released when a distancebetween the terminal and the remote second device is greater than apredetermined distance, said distance between the terminal and theremote second device being measured with Real Time Location Servicetechnology.

According to another aspect of the invention, the method may comprise amutual authentication step between said first device and said seconddevice.

According to another aspect of the invention, the method may comprisereceiving APDU commands from the remote second device, sending said APDUcommands to the terminal and vice versa.

The various aspects, features and advantages of the invention willbecome more fully apparent to those having ordinary skill in the artupon careful consideration of the following Detailed Description, givenby way of example thereof, with the accompanying drawing describedbelow:

FIG. 1 schematically shows a communication system according to anembodiment of the invention

DETAILED DESCRIPTION

The present invention may be understood according to the detaileddescription provided herein.

Shown in FIG. 1 is a communication system comprising a terminal 10, afirst device 1, and a second device 2.

The terminal 1 adapted to receive the first device 1, such as a proxycard 1.

The first device 1 is adapted to exchange data with the terminal 10 andis a local device such as a smart card irrespective of the form factor,i.e. ID1, 2FF, 3FF, SD card, etc. . . . . The first device 1 is forexample integrated in the terminal 10, such as a mobile phone.

It will be understood that the mobile phone is not a limited example andthat any device adapted for receiving such first device 1 may be used,such as a digital camera or an electronic funds transfer terminal or aportable computer, etc. . . . .

The second device 2 is adapted to exchange data with the terminal 10.The second device 2 is a remote device and may have any suitable formfactor. The remote second device 2 embeds at least a secure element (notrepresented) performing secure operations as the legacy smart cards inthe terminal 10. The secure element, such as a UICC is then remote butappears as local for the terminal 10 via the proxy card 1.

It will be understood that this secure element may be removable orintegrated in the remote second device 2.

It will be also understood that the remote UICC is not a limitedexample, and that any suitable secure element may be used, such as forexample a SD card, etc. . . . .

The proxy card 1 has the legacy form factor and acts as a proxy to theremote device 2.

The communication system comprises means for pairing the first device 1and the second device 2 so as the second device 2 is able to exchangedata with the terminal 10 through the first device 1. A fast wirelesstunnel is established by pairing between the first device 1, which actsas a proxy smart card 1, and the remote device 2. For pairing thesedevices, a first means of communication for short range operations (fewcentimeters) is able to select the device to pair. This first means ofcommunication also called hereinafter means of vicinity communication,allows exchanging essential data for bootstrapping a second means ofcommunication exposing high performances (larger range and higher speed)as the UWB (IEEE802.15.4a), Bluetooth, Zigbee, Wifi. Optionally, inorder to avoid security attacks as the Man-In-The-Middle attacks, theproxy card 1 comprises a secure element (not represented) toauthenticate the proxy card 1 as an honest point of communication.

The pairing is released after each power cycle of the terminal 10 or theremote second device 2 or after an explicit action of the user onterminal 10 or the remote second device 2 or if an application distancebetween the terminal 10 and the remote second device 2 is greater than adefined limit. The RTLS technology (Real Time Location Service) may beapplied to measure the said application distance.

In an embodiment, the means for pairing said first device 1 and seconddevice 2 are near field communication (NFC). By approaching the NFCantenna of the proxy card 1 and the remote second device 2, a channel ofcommunication is established for exchanging essential data for thepairing.

According to the invention, a method for exchanging data between theterminal 10 and the remote device 2 comprising a secure element such asa UICC, comprises a step of mutual authentication between the remoteUICC and the proxy card 1 in order to authorize communication betweenthe handset and the remote UICC. Once the authentication is done, dataare exchanged between the terminal 10 and the remote UICC through theproxy card 1. For doing so, the proxy card 1 comprises means forreceiving data such as APDU commands and means for transmitting suchdata from the remote UICC to the terminal 10 and vice versa. There iseither no need for the user to search for the element to pair or toenter any password as it is usual for the Bluetooth pairing.

According to another embodiment, the means for pairing said first device1 and the second devices 2 are intra body communication (IBC) basedtechnology. By touching the terminal 10, the user establishes a channelof communication via the proxy card 1 embedding the IBC technology andthe remote second device 2 close to the user's body. This channel ofcommunication allows exchanging essential data for the pairing.

According to another embodiment the means for pairing said first device1 and second device 2 are near field communication (NFC) basedtechnology and intra body communication (IBC) based technology.

Thanks to the invention, the remote secure element of the second device2 is physically independent of the terminal 10. The proxy smart card 1for example makes a wireless data tunnel to a smart card holder such asa Smart badge holder hosting the removable secure element or embeddingsuch secure element. The remote device 2 which hosts the secure elementmay provide new capability as the NFC or IBC technology and offers toupgrade legacy mobile terminals.

Thanks to this communication system, there is no more UICC in theterminal. The portability from a user to another user is maximal,easiest and fastest. It is then easy to change a terminal into another.The user may have many handsets in having a single remote UICC.

The proxy card offers a migration path for the terminal maker exposing aminimal impact of the UICC on its design. There is no need for theterminal to embed any secure element.

1. A communication system comprising a terminal (10), a first device (1)adapted to exchange data with said terminal (10), a second device (2)adapted to exchange data with said terminal (10), comprising means forpairing said first (1) and second (2) devices so as said second device(2) exchanges data with said terminal (10) through said first device(1).
 2. The communication system according to claim 1, wherein the firstdevice (1) is adapted to be located in said terminal.
 3. Thecommunication system according to claim 1 or 2, wherein said seconddevice (2) is a remote device.
 4. The communication system according toclaim 1 or 2, wherein said second device (2) is adapted to embed asecure element.
 5. The communication system according to claim 1 or 2,wherein the means for pairing said first device (1) and second device(2) are near field communication (NFC) based technology.
 6. Thecommunication system according to claim 1 or 2, wherein the means forpairing said first device (1) and second device (2) are intra bodycommunication (IBC) based technology.
 7. The communication systemaccording to claim 1 or 2, wherein the means for pairing said firstdevice (1) and second device (2) are near field communication (NFC)based technology and intra body communication (IBC) based technology. 8.The communication system according to claim 1 or 2, wherein the firstdevice (1) comprises a secure element adapted to authenticate said firstdevice as a honest point of communication.
 9. A method for exchangingdata between a terminal (10), a first device (1), a second device (2),said terminal (10) comprising said first device (1), said second device(2) being a remote device, the method comprising: establishing acommunication tunnel by pairing between said first device (1) and asecond device (2), exchanging data between the second device (2) and theterminal (10) through said first device (1).
 10. The method according toclaim 9, comprising using UWB as wireless communication channel forexchanging application data after the pairing of said devices (1,2). 11.The method according to claim 9 or 10, wherein the pairing between thefirst device and the second device is released when a distance betweenthe terminal and the remote second device (2) is greater than apredetermined distance, said distance between the terminal and theremote second device (2) being measured with Real Time Location Servicetechnology.
 12. The method according to claim 9 or 10, furthercomprising a mutual authentication step between said first device (1)and said second device (2).
 13. The method according to claim 9 or 10,further comprising receiving APDU commands from the remote second device(2), sending said APDU commands to the terminal (10) and vice versa.